Scale - Best Practices for Migrating your Microsoft Workloads to AWS

1. P U B L I C S E C T O R S U M M I T SINGAPORE

2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Best Practices for Migrating your Microsoft Workloads to AWS Steve Sofian Senior Solutions Architect Worldwide Public Sector AWS

3. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T The focus of this session is on migrating your existing Microsoft applications to Amazon Web Services (AWS) • Holistic approach to migrating typical Microsoft Applications on AWS • Process for building your landing zone on AWS with security first approach, including fully automated compliance controls, before embarking on your migration • Approach to build repeatable architectures In this session

5. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Most Experience 11years running Windows workloads service offerings 165+ Global Reach & High Availability 66Availability Zones spanning 21 geographic Regions with consistency 80,000 Capable of delivering up to Security & Compliance IOPS/ instance HIPAA, FISMA, ITAR, EU Model Clauses 50+compliance certifications SOC-1,2,3 FIPS, ISO 72price reductions since 2006 Customer Obsession & Innovation Improve TCO Why customers choose AWS for their Microsoft Applications

6. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Innovation for Windows on AWS Key Windows launches since 2008 90+ 40+ 750+ instance types, 22 instance families different AMIs for Windows workloads Windows ISV listings in AWS Marketplace Windows Deep Learning AMI Hyper-V support in SMS Application-consistent Snapshots through VSS WS 2008 & SQL Server 2008 Visual Studio Toolkit Microsoft SCOM plug-in release AWS Directory Service Amazon EC2 Dedicated Hosts (BYOL) Microsoft SharePoint 2016 (Marketplace) Windows Server 2008 R2 SQL Server 2008 R2 Windows Server 2003 SQL Server 2005 .NET SDK Microsoft SCVMM Plug-in Windows Server 2012 SQL Server 2012 AWS Tools for Windows PowerShell Amazon RDS adds SQL Server Amazon EC2 Run Command Amazon EC2 Systems Manager Windows Server & SQL Server 2016 Amazon EC2 Dedicated Instances (BYOL) .NET on AWS Lambda & Codebuild SAP instance on AWS 2012 Trusted Advisor checks for Windows SQL Server 2017 on Amazon EC2/Amazon RDS X-Ray .NET SDK CustomerAdoption Windows for Lightsail .NET Core & Powershell on AL2/Ubuntu 2008 Today .NET Core 2.0 Support with AWS Lambda & AWS X-Ray Windows Containers .NET Core 2.1 Support

7. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T AWS Tools for Windows development Visual Studio PowerShell NuGet Command line Visual Studio Team Services (VSTS) AWS Toolkit for Visual Studio AWS SDK for .NET AWS Tools for Powershell AWS Command Line Interface (AWS CLI) AWS Tools for VSTS

8. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Flexible options for Microsoft licenses in the AWS Cloud 1. Flexible pay-as-you-go licensing choices 2. Bring your license mobility benefits to AWS 3. Bring licenses to AWS without paying software assurance Dedicated options for licenses not eligible for License Mobility Default tenancy for License Mobility eligible products with Software Assurance AWS licensing Buy license-included instances from AWS (Windows Server, SQL Server) Bring licenses to AWS

10. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Network design Amazon VPC Design Subnet Design Access Control Lists & Security Groups Logging and Monitoring VPN/ AWS Direct Connect AWS Cloud

11. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T What does every enterprise Microsoft Service depend on? • Active Directory • With AWS Directory Service for Microsoft Active Directory, identify your AD architecture • You can choose to extend your existing domain or domains into AWS or deploy a new domain in AWS—with or without trust relationships • Bring your existing group policies

12. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T AWS Managed Directory Service for Microsoft AD AWS Managed Microsoft AD Directory SaaS Applications Azure AD Amazon WorKSpaces RDS for SQL Server Amazon WorkDocs Amazon WorkMail Amazon QuickSight AWS Management Console Amazon Chime Amazon Connect AWS Apps & Services Enable, authenticate, & authorize Manage, authenticate, & authorize .NET Applications Server SharePoint Server AD-aware Workloads SQL ServerRemote Desktop Licensing Manager .NET SharePoint SQL Server RD Licensing Enterprise Certificate Authority Certificate Services Domain join & manage Amazon Windows EC2 instances Amazon Linux EC2 instances Amazon EC2 SAML authenticate Synchronize users AD FS Server AD FS Azure AD Connect Server Federate ADSync On-premises Microsoft Active Directory On-premises user credentials Department data center

13. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Microsoft Active Directory migration using ADMT Availability Zone B Department Network Trust relationship Availability Zone A department.local VPNDomain client AWS Managed Microsoft AD PES Install ADMT DC1 AWS Direct Connect

14. Auto scaling group Amazon VPC Public subnet Availability Zone 1 NAT gateway IIS Web/App Public subnet Availability Zone 2 NAT gateway Always-on availability group Instance InstanceRDGW RDGW VPN connection On-premises Client Amazon VPC endpoint Private subnet Private subnet VPN gateway Internet gateway Users IIS Web/App Microsoft Workload Sample Reference Architecture

16. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Where can I run SQL Server workloads on AWS? Amazon Relational Database Service (Amazon RDS) Amazon Elastic Compute Cloud (Amazon EC2) Managed service with up to 64 vCPU, 488 -GB RAM, and 16-TB storage Self-managed virtual machine with up to 128 vCPU, 4-TB RAM, and 400-TB storage MS SQL instance

17. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T SQL Server Amazon EC2 vs Amazon RDS: Which should I use? Amazon EC2 Amazon RDS License included   BYOL  Full control over the instance  Automated backups  Self-managed AlwaysOn Availability Groups  AWS-managed Multi-AZ deployment 

18. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T SQL Server storage optimization Storage I/O contention is one of the main causes for poor SQL Server performance • Use Amazon EBS Optimized Amazon EC2 Instances • Match storage technology with I/O pattern of workload components • Match instance type to IOPS and throughput needs of workload • Create a single volume for data and logs

19. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T SQL Server migration options * Network bandwidth and latency considerations Migration method Amazon RDS Target Amazon EC2 Target Downtime DB Objects Cross- Engine Backup/Restore Yes Yes Yes (hrs) Data, Schemas, Stored Procedures, Triggers, Indexes No Import/Export Bulk Copy Yes Yes Yes (mins-hrs) Data, Schemas, Stored Procedures, Triggers, Indexes No SQL Log Shipping* No Yes Minimal (secs-mins) Pre-create the DB, Sync No Hybrid Architecture* No Yes Minimal (secs-mins) Pre-create the DB, Sync No AWS DMS* Yes Yes Minimal (secs-mins) With SCT (Data, Schemas, Stored Procedures, Triggers, Indexes) Yes (SCT)

20. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Application users AWS Database Migration Service for live migration Start a replication instance Connect to source and target databases Select tables, schemas, or databases Let AWS Database Migration Service (AWS DMS) create tables, load data, and keep them in sync Switch applications over to the target at your convenience Customer premises AWS Internet VPN

21. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T AWS Direct Connect A private connection between your data center, office, or colocation environment and AWS AWS Snow family (Snowball, Snowball Edge, Snowmobile) Secure, physical transport appliances that move up to Exabytes of data into and out of AWS AWS Storage Gateways Hybrid storage that seamlessly connects on-premises applications to AWS storage; ideal for backup, DR, bursting, tiering, or migration Amazon Kinesis Data Firehose Capture, trans- form, & load streaming data into Amazon S3 for use with Amazon business intelligence and analytics tools Amazon EFS File Sync Up to 5x faster file transfers than open source tools. Ideal for migrating data into Amazon EFS or moving between cloud file systems Amazon S3 Transfer Acceleration Up to 300% faster transfers into and out of Amazon S3; ideal when working with long geographic distances APN Competency Partners Integrations between third-party vendors and AWS services; ideal for leveraging existing software licenses and skills Networks Shipping Hybrid Many ways to move data to AWS

22. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T AWS Snowball AWS Snowball Edge AWS Snowmobile • 80 TB capacity/10 G network • Data encryption end-to-end • Rugged 8.5 G impact case • Rain and dust resistant • 100 TB capacity/10 Gb network • Data encryption end-to-end • Rugged 8.5 G impact case • Rain and dust resistant • Compute and storage for hybrid/edge workloads • Rack-mountable, clusterable • Exabyte-scale 45ft container • Data encryption end-to-end • Dedicated security personnel • GPS tracking, alarm monitoring, 24/7 surveillance, and optional additional security AWS Snow family

24. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Application migration options Start replication Deploy AWS SMS connector Tag AMIs Deploy using AWS CloudFormation (CF) Swap blue- green Use ECR for storing images Create/extend code build to AWS Deploy using CF RefactorSelect AWS Serverless services Deploy using SAM ReplatformRehost Refactor Fastest Cloud economies Adopt cloud native services

25. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Rehost using AWS Server Migration Service vSphere ESXi HOST ESXi HOST ESXi HOST AWS SMS SMS VM Web AMI App AMI AMI AMI

26. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T .NET application migration strategies  Deploy .NET framework apps “as is” to Amazon EC2  Every app can have custom server configuration, different .NET Framework versions, IIS configuration, dependencies, etc.  Containerize in Windows Containers and orchestrate with Amazon ECS  Supports different .NET Framework versions, IIS configurations, dependencies  Reduces $$ for OS licensing costs (host only)  Port to .NET Core and run in Amazon ECS or Fargate as Linux Containers, Windows Nano containers, or serverless  No OS licensing costs, smaller containers  Enables deploying apps to AWS Lambda LevelofEffort Level of effort

27. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Replatform using Amazon ECS Developers Version Control Repository Test & Deployment Manager Infrastructure Provisioning Container Scheduling & Orchestration Image Build Service Container Image Repository AWS Toolkit for Visual Studio

28. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Replatform Windows file servers using file gateway Customer Premises HTTPS SMB or NFS File gateway Objects in your Amazon S3 bucket Application server • Supports SMB & NFS protocols • Fully-managed local cache for low latency access • Ownership, permissions, and timestamps are preserved • Files stored as native Amazon S3 objects • Apply versioning, lifecycle management, and cross-region replication (CRR) policies Store and access objects in Amazon Simple Storage Service (Amazon S3) from file-based applications with local caching

29. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Refactor using AWS Lambda Amazon VPC private subnet Pull data from CSV file Perform ETL Insert data into SQL table Upload users Data dropped in Amazon S3 schedule/event triggered DB in private subnet DB on instance Web 01 Web 02 Web 03 App 01 App 02 App03 SQL 01 SQL 02 Batch Jobs Department Website Profile # 1 Regulatory apps (PCI) with batch jobs Implement scheduled tasks with AWS Lambda

31. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Repeatable Windows stacks using AWS CloudFormation Template File Defining Stack CodeCommit, Git, etc… Dev Test Prod The entire Windows stack can be represented in an AWS CloudFormation template Use the version control system of your choice to store and track changes to templates Build out multiple Windows stacks for dev, test, and production using templates

32. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T AWS WAF • PCI • OWASP Top 10 • Bot protection • SQLi/XSS • IP reputation • CMS protection AWS WAF – working with managed rulesets

33. All-in on AWS • Continuous compliance • Scalability • Zero down time migration • Improved security • Turnkey high availability • Optimized performance • Improved agility • Lower TCO • Improved developer productivity H AZ1 AZ2

34. AlwaysOn AG (Synchronous) Final state architecture Security, Certificate, and Key Management Configuration and Systems Management Storage and Archiving Monitoring, Auditing, and Logging DevOps Availability Zone 2 (AZ2) Availability Zone 1 (AZ1) Security Group Web Server Application Auto Scaling Private Subnet Security Group App Server Security Group Security Group Domain Controller AWS Managed Microsoft AD SQL Server or Amazon RDS SQL Server (Secondary) or Replica Replica Replica Public Subnet NAT GW Security Group WAP/Proxy /RDGW Security Group Web Server Auto Scaling Private Subnet Security Group App Server Auto Scaling Security Group SQL Server Security Group Domain Controller AWS Managed Microsoft AD or Amazon RDS SQL Server (Secondary) or Replica Replica Replica Public Subnet NAT GW Security Group WAP/Proxy /RDGW Internet Gateway Domain Controller Domain Controller Denver Domain Controller Domain Controller New York VPN/ Direct C0nnect IAM Systems Manager Amazon S3 AWS CloudTrail AWS CodeDeploy AWS CodePipeline AWS CodeBuild AWS CodeCommit Amazon CloudWatch Amazon S3 Glacier Amazon VPC Endpoint Amazon Inspector AWS Config Cloud HSM AWS Certificate Manager (ACM) CloudFront (Content Dist. Network) AWS Shield (DDOS) AWS WAF (Web Application Firewall Route 53 (DNS) Internet Application Auto Scaling Application Auto Scaling Application Auto Scaling Application Auto Scaling Application Auto Scaling

36. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Automation is key. How do I automate updates? Start temporary instance AWS latest Windows AMI Update Amazon EC2Config or Amazon EC2 Launch Update PV drivers and run Windows updates Invoke user provided scripts Run a sysprep/ generalise Stop temporary instance Custom AMI ready for deployment

38. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Operating your cloud Self-Managed • AWS Service Catalog • AWS Systems Manager • AWS Management Tools & Services • Modeling and provisioning • Automation and operations • Monitoring and logging • Third-party tools AWS Managed Services (AMS) Partner Managed •40+ curated services •“Month-to-month” terms •Addresses security and compliance (PCI, SOC, ISO, HIPAA, NIST certified/compliant) •Seven management services provided •100+ Managed Service Partners (MSP) •Certification program •Third-party audit •Full lifecycle services https://aws.amazon.com/partners/msp/ Multiple operational models to fit your needs

39. Putting it all together Microsoft Windows Amazon EC2 Instances AMI Amazon Inspector Golden AMI AMI Factory with Amazon Inspector ADFS SAML Token Users On-premises AD Integration L2, L3, L4, & L7 Native Security Maintenance windows Patch manager Run command State manager Parameter store Native Windows Security Management Tools Detective, Corrective Controls Logging, Monitoring Controls Automate Migration H

40. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Migration summary • Seamlessly migrated core business applications, Active Directory, SQL Server, and .Net applications to AWS • Built highly available application architecture using multiple Availability Zones (Is HA = DR?) • Implemented centralized governance and compliance using AWS Landing Zone solution • Minimized downtime and risks with AWS Server Migration Service & AWS Data Migration Service • Used AWS CloudFormation service to deploy infrastructure as a code • Used Amazon ECS to simplify deployment of containerized .Net applications • Modernize .Net applications with AWS Lambda serverless functions • Leveraged flexible licensing options • Simplified operations with cloud native tools like AWS Systems Manager

41. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Tools to help you migrate AWS MIGRATION SERVICES AWS Server Migration Service AWS Database Migration Service VMware Cloud on AWS AWS Schema Conversion Tool AWS Application Discovery Service Amazon S3 Transfer Acceleration AWS Storage & File Gateway AWS Direct Connect AWS Snowball & Snowmobile Amazon Kinesis Data Firehose AWS DATA TRANSFER Inventory Business Case App Dependency Mapping Validation Workload & Data Migration Deep Discovery & Planning Found on AWS MIGRATION HUB A single location to track the progress of application migrations across AWS and partner solutions Partner migration tools are vetted by AWS Deloitte Deloitte DeloitteDeloitte

43. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C T O R S U M M I T Resources Amazon Web Services and Microsoft FAQ https://aws.amazon.com/windows/faq/ Microsoft Licensing on AWS https://aws.amazon.com/windows/resources/licensing/ Microsoft Servers on the AWS Cloud—Quick Start https://docs.aws.amazon.com/quickstart/latest/accelerator-msservers/welcome.html Short Video Series on How to run Windows workloads on AWS https://www.youtube.com/playlist?list=PLhr1KZpdzukcZEpM1wap9dkr3zgTRdRrD Explore .Net on AWS https://aws.amazon.com/developer/language/net/ AWS Landing Zone solution https://aws.amazon.com/answers/aws-landing-zone/ Whitepapers http://aws.amazon.com/microsoft/whitepapers

Scale - Best Practices for Migrating your Microsoft Workloads to AWS

Du liest eine Vorschau.

Hier ansehen

Scale - Best Practices for Migrating your Microsoft Workloads to AWS

Weitere Verwandte Inhalte

Diashows für Sie (20)

Ähnlich wie Scale - Best Practices for Migrating your Microsoft Workloads to AWS (20)

Weitere von Amazon Web Services (20)